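# yamllint disable rule:line-length rule:truthy
---
# Manually dispatched job: from an ephemeral container it joins the Headscale
# tailnet, SSHes to warsaw-ovh-01, runs `nix flake update` / `nix flake check`
# there, pushes the resulting commit, and reports the outcome to Gotify.
name: Dispatch - Update Flake Lock
run-name: ${{ github.actor }} - update-flake-lock
on:
  # Manual trigger only. The previous bare `inputs:` key under it was an
  # empty (null) mapping that declared no inputs, so it has been dropped.
  workflow_dispatch:

jobs:
  update-flake-lock:
    runs-on: ubuntu
    container:
      image: ubuntu:24.04
      # NOTE(review): `--privileged` gives this job every capability and every
      # host device, far more than tailscaled needs. A kernel-mode tailscaled
      # wants NET_ADMIN plus /dev/net/tun, so `--cap-add=NET_ADMIN --device
      # /dev/net/tun` (plus SYS_MODULE if the tun module is not preloaded) is
      # the least-privilege form — verify against this runner before switching.
      options: --mount type=bind,src=/dev/net/tun,dst=/dev/net/tun --privileged
    steps: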
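      - name: "Setup: Runner"
        # Expression values are handed to the script through `env` instead of
        # being spliced into its text: a `${{ }}` inside `run:` is expanded
        # before the shell sees it, so it is a command-injection vector. The
        # actor name is fairly constrained, but the pattern must not be copied
        # for free-form values such as branch names or commit titles.
        env:
          ACTOR: ${{ github.actor }}
        run: |
          set -euxo pipefail
          export DEBIAN_FRONTEND=noninteractive
          apt update -y
          # nodejs is presumably needed by the JavaScript notification action
          # used later; nix-bin provides the nix CLI for the remote commands.
          apt install git nodejs nix-bin sudo curl -y
          # Kept from the original: the actor name is used as the commit email.
          git config --global user.email "$ACTOR"
          git config --global user.name "Forgejo Runner"
          # Static tailnet address for gotify.sysctl.io (presumably the host
          # behind secrets.GOTIFY_URL) so it resolves inside the container.
          echo "100.64.0.5 gotify.sysctl.io" >> /etc/hosts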

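      - name: "Setup: Tailscale Repo"
        # Adds Tailscale's apt repository. The job already runs as root inside
        # the container (packages and /root are written without sudo
        # elsewhere), so the files are written directly instead of via
        # `sudo tee`.
        run: |
          set -euxo pipefail
          # Use the container's own release codename instead of a hard-coded
          # one: `lunar` (23.04) is end-of-life and does not match ubuntu:24.04.
          . /etc/os-release
          codename="${VERSION_CODENAME:-noble}"
          mkdir -p --mode=0755 /usr/share/keyrings
          # The signing key is fetched over TLS from Tailscale's package host;
          # the .list file published alongside it is expected to reference this
          # keyring path via signed-by, scoping the key to that one repository.
          curl -fsSL "https://pkgs.tailscale.com/stable/ubuntu/${codename}.noarmor.gpg" \
              -o /usr/share/keyrings/tailscale-archive-keyring.gpg
          curl -fsSL "https://pkgs.tailscale.com/stable/ubuntu/${codename}.tailscale-keyring.list" \
              -o /etc/apt/sources.list.d/tailscale.list
          apt update -y
          apt install tailscale -y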

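      - name: "Setup: SSH"
        # Key material is passed through `env`, not expanded into the script:
        # a `${{ secrets.* }}` inside `run:` ends up verbatim in the temporary
        # script file the runner writes, and in any xtrace of that script.
        env:
          SSH_PUBLIC_KEY: ${{ secrets.SSH_PUBLIC_KEY }}
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
        run: |
          set -euo pipefail   # deliberately no -x: xtrace would echo the key
          if [ -z "${SSH_PRIVATE_KEY}" ] || [ -z "${SSH_PUBLIC_KEY}" ]; then
            echo "SSH_PRIVATE_KEY / SSH_PUBLIC_KEY secrets are not set" >&2
            exit 1
          fi
          # umask 077 makes the files private from the moment they are created
          # rather than chmod-ing them down after a world-readable write.
          umask 077
          rm -rf /root/.ssh
          mkdir /root/.ssh
          # printf is the portable way to emit the value plus the trailing
          # newline OpenSSH expects; it never interprets the value as options.
          printf '%s\n' "$SSH_PRIVATE_KEY" > /root/.ssh/id_ed25519
          printf '%s\n' "$SSH_PUBLIC_KEY"  > /root/.ssh/id_ed25519.pub
          chmod 700 /root/.ssh
          chmod 600 /root/.ssh/id_ed25519
          chmod 644 /root/.ssh/id_ed25519.pub
          # NOTE(review): nothing pins the SSH target's host key yet, so the
          # later ssh steps run with StrictHostKeyChecking=no. Storing the
          # target's public host key (for example as a repo secret or variable)
          # and writing it to /root/.ssh/known_hosts here would let those steps
          # use StrictHostKeyChecking=yes.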

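      - name: "Setup: Headscale Network"
        # The auth key is passed through `env` rather than spliced into the
        # script, and xtrace is suspended around `tailscale up`: `set -x`
        # prints every expanded argument, so the key would otherwise land in the
        # job log (secret masking in logs is best-effort, not a guarantee).
        env:
          TS_AUTHKEY: ${{ secrets.TAILSCALE_KEY }}
        run: |
          set -euxo pipefail
          sudo tailscaled --cleanup
          # `--state=mem:` keeps node state in memory only, so nothing about
          # this ephemeral node outlives the container; stderr is kept in
          # ~/tailscaled.log for post-mortem reading.
          sudo tailscaled --no-logs-no-support --state=mem: 2> ~/tailscaled.log &
          # The daemon is backgrounded; wait (bounded) for its control socket
          # instead of racing it with `tailscale up`.
          for _ in $(seq 1 30); do
            [ -S /var/run/tailscale/tailscaled.sock ] && break
            sleep 1
          done
          set +x
          # The key is still briefly visible as a process argument inside the
          # container; tailscale's `--auth-key file:PATH` form would avoid even
          # that, if this tailscale version supports it.
          sudo tailscale up \
              --login-server=https://headscale.sysctl.io \
              --accept-routes \
              --accept-dns \
              --authkey "$TS_AUTHKEY" \
              --hostname forgejo-runner \
              --advertise-tags "tag:forgejo,tag:container,tag:ephemeral"
          set -x
          sudo tailscale status
          sudo tailscale netcheck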

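      - name: "SSH and Update / Check"
        # Runs the flake update on warsaw-ovh-01 over the tailnet. Agent
        # forwarding (-A) was dropped: no ssh-agent is started on the runner,
        # so there was nothing to forward, and forwarding would let the remote
        # host use the runner's keys. The remote side starts its own agent and
        # loads its own keys (`eval (ssh-agent -c)` is fish syntax, so the
        # remote login shell is assumed to be fish).
        run: |
          # NOTE(review): StrictHostKeyChecking=no accepts whatever host key is
          # presented, so anything answering on that address can impersonate
          # warsaw-ovh-01 and receive these commands. Pin the target's host key
          # in /root/.ssh/known_hosts and switch to StrictHostKeyChecking=yes.
          # BatchMode/ConnectTimeout make a bad connection fail fast instead of
          # hanging on a prompt.
          # NOTE(review): if the remote shell is fish, a bare `set -x` lists
          # every exported variable (it does not enable tracing), which dumps
          # the remote environment into this log — consider dropping it.
          ssh -q \
              -o BatchMode=yes \
              -o ConnectTimeout=30 \
              -o StrictHostKeyChecking=no \
              albert@warsaw-ovh-01 \
              "
              set -x
              eval (ssh-agent -c)
              ssh-add
              env | grep SSH
              cd /etc/nixos/git
              git pull
              nix flake update
              nix flake check --show-trace
              "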

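      - name: "Success: Git Commit & Push"
        if: success()
        # Commits and pushes the updated lock file on warsaw-ovh-01. Agent
        # forwarding (-A) was dropped: no ssh-agent runs on the runner, so it
        # forwarded nothing, and the remote side starts its own agent anyway.
        # The commit-message date is expanded by the runner's shell, because
        # the remote command is a double-quoted string here.
        run: |
          # NOTE(review): StrictHostKeyChecking=no accepts any host key; pin the
          # target's key in /root/.ssh/known_hosts and use =yes instead.
          # NOTE(review): `git commit -am` exits non-zero when there is nothing
          # to commit, so a run where `nix flake update` changed nothing ends
          # as a failure; guard with `git diff --quiet ||` if that is unwanted.
          ssh -q \
              -o BatchMode=yes \
              -o ConnectTimeout=30 \
              -o StrictHostKeyChecking=no \
              albert@warsaw-ovh-01 \
              "
              set -x
              eval (ssh-agent -c)
              ssh-add
              env | grep SSH
              cd /etc/nixos/git
              git -c commit.gpgsign=false commit -am '[ACTIONS] Flake Update ($(date +%Y-%m-%d))' \
              && git push
              "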

      - if: success()
        # Success notification via the self-hosted Gotify action.
        # NOTE(review): `@master` is a mutable ref; anyone who can push to that
        # branch on git.sysctl.io changes what runs here with GOTIFY_TOKEN in
        # hand. Pin to a tag or commit SHA once one is chosen.
        uses: https://git.sysctl.io/actions/gotify-action@master
        with:
          gotify_api_base: "${{ secrets.GOTIFY_URL }}"
          gotify_app_token: "${{ secrets.GOTIFY_TOKEN }}"
          notification_title: "[ ${{ github.repository }}: ${{ github.workflow }} ] NixOS Flake Updated"
          notification_message: "Build completed successfully."
      - name: "Send Notification"
        if: failure()
        # Failure notification via the self-hosted Gotify action.
        # NOTE(review): `@master` is a mutable ref; anyone who can push to that
        # branch on git.sysctl.io changes what runs here with GOTIFY_TOKEN in
        # hand. Pin to a tag or commit SHA once one is chosen.
        uses: https://git.sysctl.io/actions/gotify-action@master
        with:
          gotify_api_base: "${{ secrets.GOTIFY_URL }}"
          gotify_app_token: "${{ secrets.GOTIFY_TOKEN }}"
          notification_title: "[ ${{ github.repository }}: ${{ github.workflow }} ] Build Failed"
          notification_message: "Your build has failed.  Check Forgejo."